Office 365 Directory Synchronization

April 15, 2023 1

Office 365 Directory SynchronizationAmit Vasu

Momentum Digital Solutions Inc.

April 15, 2023 2

Agenda

O365 - DirSync

Overview - Azure Active Directory

DirSync Sync Tools

Setting up DEV environment

April 15, 2023 3

Microsoft Community

Contributor (MCC)

Senior SharePoint Consultant

@amitvasuMCP – SP 2013

BLOG – www.amitvasu.comO365 - DirSync

April 15, 2023 4

Azure Active Directory- Overview

April 15, 2023 5

Provides a robust set of capabilities to manage users and groups

Comes in three editions Free, Basic, Premium

World’s largest cloud directory

Identity and Access Management for the Cloud

April 15, 2023 6

Enable single sign-on to thousands of cloud applications from Windows, Mac, Android and iOS devices.

Works with third party identity providers

Simplify user access to any cloud app

April 15, 2023 7

Provides Multi-Factor Authentication

Security monitoring and Alerts

Machine learning based reports

Protect sensitive data and applications

April 15, 2023 8

Sign-in Model for

April 15, 2023 9

Cloud Identity

April 15, 2023 10

Synchronized Identity

April 15, 2023 11

Federated Identity

April 15, 2023 12

Directory Synchronization - Overview

April 15, 2023 13

Synchronizes users, passwords, security groups, distribution lists, contacts, and conference rooms.

Enables unified Global Address List with Exchange Online

Support multiple sync scenarios i.e. DirSync, DirSync/Password, DirSync/SSO

Identity and Access Management for the Cloud

April 15, 2023 14

Default every 3 hours.

Can be modified by updating Microsoft.Online.DirSync.Scheduler.exe.Config

Find the key: <add key="SyncTimeInterval" value="3:0:0" /> and replace value with your desired time.

Restart the Windows Azure Active Directory Sync Service

Synchronization interval

April 15, 2023 15

Up to 50k objects with no verified domain

Increased to 300k objects with first verified domain Each tenant is only granted one increase

Unlimited if you have Azure Active Directory Basic or Premium subscription

Directory Quota Limit

April 15, 2023 16

Must be running version 6382.0000 or greater of the Directory Sync tool in order to enable the Password Sync feature

Does not mean its SSO as there is not token sharing

Passwords are synchronized every two minutes

The synchronization of a password has no impact on currently logged on users.

Password Sync

April 15, 2023 18

Location which is original source of Active Directory objects

Azure AD requires a single source of authority for every object.

By default, Azure AD directory objects are mastered in the cloud.

Source of Authority

April 15, 2023 19

Three scenarios where source of authority may get changed for an object

Activate Deactivate Reactivate*

Changing Source of Authority

April 15, 2023 20

Directory Synchronization - Tools

April 15, 2023 21

Most commonly-known product is the Directory Sync tool (DirSync).

Download link from the Office 365 portal.

Directory Sync

Relies on Forefront Identity Manager (FIM) for Synchronization.

April 15, 2023 22

Successor to DirSync and eventually will replace DirSync.

Supports Multi-Forest Synchronization.

Advanced provisioning, mapping and filtering rules for objects and attributes.

Azure Active Directory Synchronization (AAD Sync)

April 15, 2023 23

At some point in the future AADConnect will be the single choice.

Will also assist you to set up AD FS

AADConnect will simplify the deployment and configuration of your end-to-end identity setup.

COMPARE FEATURES: https://msdn.microsoft.com/en-us/library/azure/dn757582.aspx

Azure Active Directory Connect

April 15, 2023 24

System Requirements

April 15, 2023 25

64-bit edition of Windows Server 2008 Standard, Enterprise, or Datacenter edition with SP1 or later

Windows Server 2008 R2 Standard, Enterprise, or Datacenter edition with SP1 or later

Windows Server 2012 Standard or Datacenter

Windows Server 2012 R2 Standard or Datacenter

Directory Synchronization Computer - OS

April 15, 2023 26

It must be joined to Active Directory.

It must run the Microsoft .NET Framework 3.5 SP1 and the Microsoft .NET Framework 4.5.1

It must run Windows PowerShell

It must be located in an access-controlled environment.

Directory Synchronization Computer

April 15, 2023 27

Windows Server 2003 forest functional mode or higher

32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1)

32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise, Windows Server 2008 R2 Standard or Enterprise, or Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.

Windows Server 2012 Standard or Datacenter.

Directory Synchronization – Domain Controller

April 15, 2023 28

You must have administrator permissions for the following:

The computer running the Directory Sync tool.

Your company’s local Active Directory.

Your company’s Microsoft cloud service administrator account.

Permissions

April 15, 2023 29

DirSync can be installed on Domain Controller

Requires version 6553.0002 and newer

Steps to install DirSync on a DC is exactly the same.

Directory Synchronization on Domain Controller

Just because you can does not mean you should.

Follow the best practice and install DirSync on separate server.

April 15, 2023 30

Setting up Directory Sync

April 15, 2023 31

Setting up Development Environment

April 15, 2023 32

Sign up for Azure free one month trialhttp://azure.microsoft.com/en-us/pricing/free-trial/

Create Domain Controller in Azure using the following HOLhttp://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/

Sign-up for Office 365 trial (30 day)https://portal.office.com/partner/partnersignup.aspx?type=Trial&id=3dd59a14-63ab-4c89-acce-c065ac672e46&msppid=2971477

• May 14th and 15th – 8am to 6pm PST (Pacific)• Steve Guggenheimer Keynote at 8am on May 14th

• OPEN TO THE EVERYONE!• 5 TRACKS

• IT Pro | Developer | Consumer | LATAM Track (Spanish) | Brazil Track (Portuguese)

• REGISTER HERE: http://mvp.microsoft.com/en-us/virtualconference.aspx• MVP Home Page > Events > 2015 Microsoft MVP Virtual Conference

Thank You

Office 365 Directory Synchronization

Software

Office 365 Identity Beta Service Description - IT Solutions · Active Directory Synchronization and Identity ... In companies with on-premises Active Directory , users can sign into

to Microsoft Office 365 - Avtexavtex.com/wp-content/uploads/2017/01/Portals-CollabSmall.pdf · the Transition to Microsoft Office 365 ... an Active Directory Synchronization server

CA SiteMinder Federation Runbook for Microsoft Office 365 · CA SiteMinder Federation Runbook for Microsoft ... for Office 365 for user synchronization. ... This example demonstrates

Directory Synchronization Client Administrator's … Synchronization Client Administrator’s Guide ... such as Microsoft Active Directory and ... Renaming groups in your directory,

Microsoft Office 365 Directory Synchronization and Federation Options

MICROSOFT ACTIVE DIRECTORY SYNCHRONIZATION, ADFS, AND

Setup Office 365 Single Sign-on with Active Directory ... · Setup Office 365 Single Sign-on with Active Directory Federation Services by Muditha Jayath Chathuranga is licensed under

Office 365 for IT Pros - Amazon S3 · This information supplements the content presented Office 365 for IT Pros ... Adding Domain Names to Office 365 ... Implementing Directory Synchronization

Office 365 Hybrid Deployment Part 1 - Techstravaganza · Azure Active Directory synchronization ... Office 365 Active Directory synchronization ... Office 365 Hybrid Deployment Part

Directory Synchronization Single Sign-On in Office 365

Disclaimer - Microsoft · Disclaimer Please Note: ... Office 365 Hybrid Deployment and Migration Part 1 ... directory synchronization after the migration is complete)

Robust data synchronization with ibm tivoli directory integrator sg246164

Change Auditor Office 365 and Azure Active Directory ...support-public.cfm.quest.com/...AzureActiveDirectory_Auditing_6.9... · Directory Auditing Overview • Introduction ... Active

Password Synchronization Plug-ins GuideTivoli ® Directory Integrator Version 7.1 Password Synchronization Plug-ins Guide SC27-2708-00

Office 365 for Centrify Identity Services · Office 365 for Centrify Identity Services ... How the directory service and Office 365 authenticate users from the ... synchronization

Using Exclaimer Signature Managerdocs.exclaimer.com/Using-Exclaimer-Signature-Manager...Office-365... · Using Exclaimer Signature Manager ... Active Directory Synchronization This

Password Synchronization forActive Directory Plug …€¦ · IBM Security Identity Manager Version 6.0 Password Synchronization forActive Directory Plug-in Installation and Configuration

MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS · MICROSOFT 70-346 EXAM QUESTIONS & ANSWERS ... synchronize the local Active Directory with Office 365. ... an Office 365 environment. Synchronization

Office 365 for IT Pros - Microsoft · Requires Directory Synchronization with on-premises AD ... Out of Office understands that cross-premises is “internal” to the ... Office

Lecture 10: Directory-Based Coherence + Implementing ...cs149.stanford.edu/winter19content/lectures/10_synchronization/10... · Directory-Based Coherence + Implementing Synchronization